
ret2libc blues? try "Prelink"...

Posted: 10 Feb 2018, 13:26
by n0ctilucient
Since libraries move around in memory, there is a performance penalty for resolution. This penalty increases for each additional library needing resolution. Prelinking reduces this penalty by resolving libraries by linking in advance. Afterward, resolution only occurs if the libraries have changed since being prelinked, such as following perhaps an upgrade.

...prelink will (when run with the "-R" option) randomly select the address base that libraries are loaded at. This makes it more difficult to perform a return-to-libc attack on the system, because the addresses used are unique to that system.

see... Prelink: Linux
Package is @... ... e=#results
Source is @...

Mileage may vary... this tactic is best used with Musl (which in the event of a "leaking" exploit is immune to Return-to-libc attack).

I believe it's best to use the -a -C -f -R parameters.

Prelink contains "exestack". For extra src2pkg "hardening" it should be set to off...
Src2pkg.conf w/ "hardened" EXTRA_FLAGS
The package maintainer can turn off execstack when linking the app by adding "-Wl,-z,noexecstack" to the LDFLAGS (or CFLAGS) in the Makefile.
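As an added illustration (not part of the original post, and not code from the prelink project), the script below shows what "-Wl,-z,noexecstack" actually changes in the produced binary: the linker writes a PT_GNU_STACK program header whose p_flags either include PF_X (executable stack) or not. The checker parses that header directly from the ELF program headers, the same field that readelf -lW reports as GNU_STACK and that execstack -q reads. The sample ELF images it builds are constructed in-line for the demonstration and are not real executables; the function and constant names are the author's own choices.

```python
"""Report whether an ELF file declares an executable stack.

The linker records the stack policy in a PT_GNU_STACK program header:
  -Wl,-z,execstack    -> p_flags = R W E  (executable stack)
  -Wl,-z,noexecstack  -> p_flags = R W    (non-executable stack)
A missing PT_GNU_STACK header leaves the decision to the kernel/loader default.
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551          # program header type used by GNU toolchains
PF_X, PF_W, PF_R = 1, 2, 4          # p_flags permission bits
ELF_MAGIC = b"\x7fELF"


def gnu_stack_flags(data: bytes):
    """Return p_flags of the PT_GNU_STACK header, or None if the file has none."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little endian, 2 = big endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type != PT_GNU_STACK:
            continue
        # In ELF64 p_flags directly follows p_type; in ELF32 it sits at offset 24.
        flags_off = off + 4 if is64 else off + 24
        (p_flags,) = struct.unpack_from(end + "I", data, flags_off)
        return p_flags
    return None


def stack_policy(data: bytes) -> str:
    """Human-readable verdict for the stack policy recorded in an ELF image."""
    flags = gnu_stack_flags(data)
    if flags is None:
        return "no PT_GNU_STACK (kernel/loader default applies)"
    return "executable" if flags & PF_X else "non-executable"


def build_sample_elf64(stack_flags=None) -> bytes:
    """Constructed minimal little-endian ELF64 image (not runnable) with
    at most one program header: a PT_GNU_STACK entry carrying stack_flags.
    Passing None produces an image with no program headers at all."""
    phnum = 0 if stack_flags is None else 1
    ehdr = bytearray(64)
    ehdr[0:4] = ELF_MAGIC
    ehdr[4] = 2                                   # ELFCLASS64
    ehdr[5] = 1                                   # ELFDATA2LSB
    ehdr[6] = 1                                   # EV_CURRENT
    struct.pack_into("<HHI", ehdr, 16, 3, 62, 1)  # e_type=ET_DYN, e_machine=x86-64, e_version
    struct.pack_into("<QQQ", ehdr, 24, 0, 64, 0)  # e_entry, e_phoff (right after the header), e_shoff
    # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    struct.pack_into("<IHHHHHH", ehdr, 48, 0, 64, 56, phnum, 64, 0, 0)
    if phnum == 0:
        return bytes(ehdr)
    # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)
    return bytes(ehdr) + phdr


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python3 check_stack.py /path/to/binary
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], "->", stack_policy(fh.read()))
    else:
        # Demo on constructed images mirroring the two linker settings.
        print("-z noexecstack ->", stack_policy(build_sample_elf64(PF_R | PF_W)))
        print("-z execstack   ->", stack_policy(build_sample_elf64(PF_R | PF_W | PF_X)))
        print("no header      ->", stack_policy(build_sample_elf64()))
```

Running it against a freshly built package (for example, every ELF under the staging directory before src2pkg wraps it up) gives a quick audit of whether the noexecstack flag took effect; the result should agree with "readelf -lW binary | grep GNU_STACK", which prints RW for a non-executable stack and RWE for an executable one.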